package com.tpc.server.systeme.utils;

import com.tpc.dao.extend.User;
import java.sql.Connection;
import java.util.logging.Logger;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 *
 * @author frederic.fortin
 */
public class SecuriteManager {

    private HttpSession objSession;
    private Properties objProperties;
    private Properties xtendProperties;
    private DatabaseManager databaseManager;
    private DatabaseManager xtendDataBaseManager;
    private User objUser;
    private final static Logger objLog = Logger.getLogger(SecuriteManager.class.getName());
    
    public SecuriteManager(HttpServletRequest request) throws Exception {
        if (request.getSession(false) != null) {
            objSession = request.getSession(false);
            if (objSession.getAttribute("init") != null) {
                if (objSession.getAttribute("TPC_USER") != null) {
                    objProperties = (Properties) objSession.getAttribute("TPC_PROPERTIES");
                    xtendProperties = (Properties) objSession.getAttribute("TPC_XTEND_PROPERTIES");
                    databaseManager = new DatabaseManager(objProperties);
                    //xtendDataBaseManager = new DatabaseManager(xtendProperties);
                    objUser = (User) objSession.getAttribute("TPC_USER");
                }
                else {
                    Exception objEx = new Exception("USER IS NULL inside SESSION");
                    objLog.info(objEx.getMessage());
                    throw objEx;
                }
            }
            else {
                Exception objEx = new Exception("SESSION is not VALID. Level 2.");
                objLog.info(objEx.getMessage());
                throw objEx;
            }
        }
        else {
            Exception objEx = new Exception("SESSION is not VALID. Level 1.");
            objLog.info(objEx.getMessage());
            throw objEx;
        }
    }

    public HttpSession getSession() {
        return objSession;
    }

    public Properties getProperties() {
        return objProperties;
    }
    public Properties getXtendProperties() {
        return xtendProperties;
    }

    public DatabaseManager getDataBaseManager() {
        return databaseManager;
    }
    
    public DatabaseManager getXtendDataBaseManager() {
        return xtendDataBaseManager;
    }

    public User getUser() {
        return objUser;
    }

    public boolean isAccessAllowed(String CLASS, String PERMISSION) {
        try {
            // boolean blnAccess = false; should set to flase when debug is done and the method is really functionnal
            boolean blnAccess = true;
            
            // first get list of group for this object / permission
            String[] GROUPS = loadGroupsPermission(CLASS,PERMISSION);

            // LOOP through GROUPS to see if User Groups match one of the GROUPS with the good permission
            if (GROUPS != null) {
                for (int i = 0; i < GROUPS.length; i++) {
                    if (objUser.getGroups() != null) {
                        for (int y = 0; y < objUser.getGroups().length; y++) {
                            if (GROUPS[i].equals(objUser.getGroups()[y])) {
                                blnAccess = true;
                            }
                        }
                    }
                }
            }

            return blnAccess;
        }
        catch (Exception objEx) {
            objLog.info(objEx.getMessage());
            return false;
        }
    }

    private String[] loadGroupsPermission(String CLASS, String PERMISSION) {
        String sqlQuery = "SELECT groupId FROM permission WHERE application = ? AND permission = ? AND life = ?";
        return null;
    }

}
